CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-23123

CVSS 10.0v3.0pub. 2025-05-19upd. 2026-04-15

A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43 and earlier) firmware.

🤖 AI Analysis
How it works

An attacker with access to the management network can exploit a heap buffer overflow vulnerability (CWE-122) in the camera firmware, which involves writing data beyond the boundaries of an allocated buffer on the heap. By manipulating appropriately crafted input data, the attacker can overwrite critical memory structures and take control of code execution on the device. The vulnerability does not require authentication or user interaction.

Impact

An attacker can remotely execute arbitrary code on the device (RCE), which in practice means complete takeover of the camera, violation of data confidentiality and integrity, and the ability to disrupt its operation.

Mitigation & patch

UniFi Protect camera firmware should be updated as soon as possible to a version newer than 4.75.43. The manufacturer published detailed information about available patches in a security bulletin available at the address indicated in the references. Additionally, it is recommended to restrict access to the management network exclusively to trusted hosts through network segmentation and firewall rules.

Who is affected

UniFi Protect Cameras with firmware version 4.75.43 and earlier.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEMemory
CWE
References